-
Notifications
You must be signed in to change notification settings - Fork 4k
Issue with Single Log-out (SLO) #474
Comments
JWT Header & Payload{ |
Normally different clients are distinct apps, and might even run on distinct domains, so they normally have their own cookies (and don't know about one another). |
I updated to IDSvr4 RC3 yesterday and it actually fixed this issue, probably thanks to the fix in #441 The two clients session cookies are removed if I logout from one of the clients. If I look at the "sid" claim in each client they now have the same value, which results in successful single log-out (SLO). |
Hi, I also have a problem with the single sign out.... If i sign out from my IdentityServer, I'm still logged in the clients. How can I solve this? Thanks |
Also, this happens only in production....on localhost it works fine. |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Hi,
I'm having a issue when performing single log-out in IdentityServer4.
I have two MVC clients configured to use the hybrid flow.
The cookie middleware in each client is using different CookieName in the CookieAuthenticationOptions.
Should different clients share same cookie name or do they need to have separate session cookies?
I have a HomeController.cs with a Logout action method i each client
Theses steps describes my issue:
idsvr
idsvr.session
companyname.auth.mvcclienta
companyname.auth.mvcclientaC1
companyname.auth.mvcclientaC2
companyname.auth.mvcclientb
companyname.auth.mvcclientbC1
companyname.auth.mvcclientbC2
.AspNetCore.Antiforgery.xxxxxxxx
The results of the 10 above steps is that the user session in IdentityServer4 is gone and also the session in mvcclienta. But the user is still authenticated and has a session in mvcclientb. The user have the following cookies stored in the browser:
companyname.auth.mvcclientb
companyname.auth.mvcclientbC1
companyname.auth.mvcclientbC2
.AspNetCore.Antiforgery.xxxxxxxx
I can see a failure in the kestrel log of mvcclientb
Here is the logs from the above 10 steps:
kestrel logs - mvcclienta.txt
kestrel logs - mvcclientb.txt
kestrel logs - identityserver4.txt
Clients.cs in IdentityServer4 configuration
Startup.cs of MVC client "mvcclienta"
Startup.cs of MVC client "mvcclientb" (equal to mvcclienta beside different ports and replaced the string mvcclienta with mvcclientb for different property settings)
The text was updated successfully, but these errors were encountered: